Adrian Lynch

Adrian Lynch

Designer, Developer

Email is dead

I started this post a while back and
Rosemary pointed out that
Dave Shea (and now
John Allsopp) posted the identical subject over the weekend, so I thought I'd get my act together and post it before I am the last person to do so.

I have come to the conclusion that email is dead as we know it due to the over run of spam.

Currently I filter around 4000-5000 spam messages per month just for my email addresses - everyday about 10-20 spam messages still get through to my inbox, and it seems to be getting worse.

A new type of spam

I have been battling
image spam for the last month - and I am convinced that it is a losing battle.

The problem is with all the current methods of preventing spam -
Bayesian filters,
blacklisting and the like - they are all 100% circumventable by spammers.

Bayesian filters completely fail with this new trend of 'image spam' - where the actual spam message is contained in the image and the text associated with the email are random snippets from webpages simply used to make it
look like a real email to the filters.

It's a simple but extremely effective way for Spammers to get the spam in the inbox not the junk folder.

Some of the
suggested methods for battling this type of spam have already been circumvented by the spammers already. They are now randomising the file sizes, dimensions and file names embedded in the emails to prevent detection.

Captcha

Another suggestion for battling image spam is using
OCR (Optical Character Recognition) to convert the spam image into readable text - then run Bayesian filters over the text to confirm that it is actually spam.

Reports from people tackling the problem with this technique have shown that it is
currently very effective at singling out the spam messages.

I say currently, as it would seem logical that the next step for spammers is to use similar techniques used in
CAPTCHA to make it extremely difficult for automated software to analyse the image for spam words, but at the same time readable by the intended audience.

Captcha is currently used to prevent spammers posting on blogs and forums by requiring the poster of a message to enter in the letters and numbers displayed in a distorted image.

It would be ironic that the Captcha techniques used to prevent blog spam would have been turned around and used against us preventing email Spam.

About

This is the personal blog of Adrian Lynch, owner of
Millstream, developers of Spring CMS.